Which law is regarded as the cornerstone of many computer-related federal laws and enforcement efforts?

Terms in this set (31)

Define laws

Rules that mandate or prohibit certain behavior and are enforced by the state

Define Policies

Managerial directives that specify acceptable and unacceptable employee behavior in the workplace

Civil Law

Comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizations and people.

Criminal Law

Addresses activities and conduct harmful to society, and is actively enforced by the state. Law can also be categorized as private or public.

Public law

Regulates the structure and the administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.

What is the Computer Fraud and Abuse Act of 1986?

The Computer Fraud and Abuse Act of 1986 (CFA Act or CFAA) is the cornerstone of many computer-related federal laws and enforcement efforts. It was originally written as an extension and clarification to the Comprehensive Crime Control Act of 1984.

Who was the CFAA amended by?

The National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.

What did the penalties of the National Information Infrastructure Protection Act of 1996 depend on?

• For the purpose of commercial advantage
• For private financial gain
• In furtherance of a criminal act

The Privacy of Customer Information Section

The Privacy of Customer Information Section of the common carrier regulations states that any proprietary information shall be used explicitly for providing services, and not for marketing purposes.

The Electronic Communications Privacy Act (ECPA) of 1986

Informally referred to as the wiretapping acts, is a collection of statutes that regulates the interception of wire, electronic, and oral communications.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of healthcare data by establishing and enforcing standards and by standardizing electronic data interchange.

The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999

Contains many provisions that focus on facilitating affiliation among banks, securities firms, and insurance companies. This act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.

Computer Fraud and Abuse Act (also known as Fraud and Related Activity in Connection with Computers; 18 USC 1030): Defines and formalizes laws to counter threats from computer-related acts and offenses (amended in 1996, 2001, 2006)

Threats to Computers

The Computer Security Act of 1987

Requires all federal computer systems that contain classified information to have security plans in place, and requires periodic security training for all people who operate, design, or manage such systems.

Terrorism PATRIOT Act

USA PATRIOT Act of 2001 (update to 18 USC 1030): Defines stiffer penalties for prosecution of terrorist crimes

3 causes of unethical and illegal behavior

Ignorance, Accident, Intent

Describe Ignorance and how to prevent it?

Ignorance of the law is no excuse; however, ignorance of policy and procedures is. The first method of deterrence is education, which is accomplished by designing, publishing, and disseminating an organization's policies and relevant laws.

Describe Accident and how to prevent?

People who have authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Planning and control can help prevent this.

Describe Intent and how to prevent?

Criminal or unethical intent goes to the state of mind of the person performing the act; it is often necessary to establish criminal intent to successfully prosecute offenders. Prevention requires technical controls, and vigorous litigation or prosecution if these controls fail.

3 conditions must be present to secure information?

Fear of Penalty, Probability of being apprehended, Probability of penalty being applied

Define Fear of Penalty

Potential offenders must fear the penalty. Threats of informal reprimand or verbal warning do not have the same impact as the threat of imprisonment or forfeiture of pay.

Probability of being apprehended?

Potential offenders must believe there is a strong possibility of being caught.

Probability of penalty being applied?

Potential offenders must believe that the penalty will be administered.

Ethical differences between cultures?

Cultural differences can make it difficult to determine what is ethical and what is not, especially when it comes to the use of computers. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.

The Digital Millennium Copyright Act (DMCA)

The American contribution to an international effort by the World Intellectual Property Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures. This law was created in response to the 1995 adoption of Directive 95/46/EC by the European Union, which added protection for individual citizens with regard to the processing of personal data and its use and movement. The United Kingdom has implemented a version of this law called the Database Right to comply with Directive 95/46/EC.

The Council of Europe adopted the Convention on Cybercrime in 2001

It created an international task force to oversee a range of security functions associated with Internet activities and standardized technology law across international borders.

International Laws

IT professionals and information security practitioners must realize that when their organizations do business on the Internet, they do business globally. As a result, these professionals must be sensitive to the laws and ethical values of many different cultures, societies, and countries.

The Sarbanes-Oxley Act of 2002

Also known as SOX or the Corporate and Auditing Accountability and Responsibility Act, is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. The law seeks to improve the reliability and accuracy of financial reporting as well as increase the accountability of corporate governance in publicly traded companies.

The Economic Espionage Act in 1996

To protect American ingenuity, intellectual property, and competitive advantage, Congress passed the Economic Espionage Act in 1996. This law attempts to prevent trade secrets from being illegally shared.

The Security and Freedom through Encryption Act of 1999

Provides guidance for the use of encryption and provides protection from government intervention. The act includes provisions that:
1. Reinforce a person's right to use or sell encryption algorithms without concern for regulations requiring some form of key registration.
2. Prohibit the federal government from requiring the use of encryption for contracts, grants, and other official documents and correspondence.
3. State that the use of encryption is not probable cause to suspect criminal activity.
4. Provide additional penalties for the use of encryption in the commission of a criminal act.

Misuse of Corporate Resources

Communicate, Educate, and Execute seeks to inform all corporate stakeholders about ethically motivated actions and then implement programs to achieve its stated value in practice.

What is the subject of the Computer Security Act?

What is the subject of the Computer Security Act? Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Key studies reveal that legal penalties are the overriding factor in leveling ethical perceptions within a small population.

What federal law passed in 1986 and what did it do?

The Computer Fraud and Abuse Act of 1986 (CFA Act or CFAA) is the cornerstone of many computer-related federal laws and enforcement efforts. It was originally written as an extension and clarification to the Comprehensive Crime Control Act of 1984.

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.

Which type of law regulates the relationships among individuals and among individuals and organizations?

Private law regulates the relationships among individuals and among individuals and organizations, and encompasses family law, commercial law, and labor law. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.